Security company Malwarebytes recently ran an article on their site about how malvertising as hit realtor.com, possibly infecting many of the 28 million monthly visitors. Malvertising is defined as the use of online advertising to spread malware where malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.
Here is the article in full ...
As the debate about online ads is raging thanks to Apple’s introduction of ad blockers in its App Store, malvertising keeps on striking high-profile sites.
The latest victim is popular real estate website realtor.com, ranked third in its category with an estimated 28 million monthly visits according to SimilarWeb.
People browsing the site in the last few days may have been exposed to this malvertising campaign and consequently infected if their computers were not patched or did not have adequate security software. Like all other malvertising attacks, this one did not require to click on the bogus ad to get infected.
The same gang that was behind the recent campaign we documented on this blog is still going at it using the same stealth tactics, which we will elaborate on a little more here.
We should also note that the use of SSL to encrypt web traffic is getting more and more common in the fraudulent ad business and that only makes tracking bad actors more difficult.
We have alerted both the publisher (Realtor.com) and the ad serving technology platform (AdSpirit) about this attack and the latter has already taken action to disable the malicious creative.